<html>
    <head>
      <base href="http://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - malloc type check needs to consider subclass struct pattern"
   href="http://llvm.org/bugs/show_bug.cgi?id=16055">16055</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>malloc type check needs to consider subclass struct pattern
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>kremenek@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>pelle@morth.org
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvmbugs@cs.uiuc.edu
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=10536" name="attach_10536" title="test case">attachment 10536</a> <a href="attachment.cgi?id=10536&action=edit" title="test case">[details]</a></span>
test case

While not super common today, there exists a pattern in C where you
create subclasses by having a struct with another struct as the first member
and casting between the two.

The incompatible pointer types check for malloc needs to take this into
consideration. Casting to the type that's the first member of the sizeof type
should be valid, see attached sample code (which should analyze clean).

E.g. PHP zend headers still use this as of version 5.3.3
(ALLOCATE_PERMANENT_ZVAL macro). Anyone who programmed in classic MacOS should
also be familiar with it. :)

Steps to reproduce:

cc --analyze foo.c

Expected result:

Empty foo.plist

Actual result:

foo.c:15:18: warning: Result of 'malloc' is converted to a pointer of type
'struct a', which is incompatible with sizeof operand
      type 'struct b'
        struct a *var = malloc(sizeof (struct b));
        ~~~~~~~~~~      ^~~~~~ ~~~~~~~~~~~~~~~~~
1 warning generated.

Version info:
clang version 3.4 (<a href="http://llvm.org/git/clang.git">http://llvm.org/git/clang.git</a>
7b773002d0beae96a8a34ec9413877242381ec75) (<a href="http://llvm.org/git/llvm.git">http://llvm.org/git/llvm.git</a>
d6b4caf291aa8c3cd4bcb5f3b55b72621b506278)
Target: x86_64-unknown-linux-gnu
Thread model: posix</pre>
        </div>
      </p>
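<p>The pattern the report describes, written out as an added example (this is not the attached test case and not clang or PHP code; the type names <code>struct a</code> and <code>struct b</code> are taken from the warning in the report, everything else, including the <code>kind</code> tag and the helper names, is assumed here). The subclass embeds the base as its first member, so the allocation of <code>sizeof (struct b)</code> assigned to a <code>struct a *</code> is the exact shape the analyzer flags, and <code>offsetof</code> shows why the cast is layout-safe. The second half shows the case the checker is actually guarding against, an allocation of the smaller base type that must never be reinterpreted as the subclass, and the tag check that keeps that from becoming a heap overflow.</p>

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* "Base class": every subclass embeds this as its first member. */
struct a {
    int kind;      /* runtime type tag, assumed for this example */
    size_t size;   /* allocation size, so a base pointer knows its own object */
};

/* "Subclass": struct a is the first member, so the address of a struct b
   is also the address of its struct a and the cast is valid either way. */
struct b {
    struct a base;
    char payload[32];
};

enum { KIND_A = 1, KIND_B = 2 };

/* Allocates the subclass but keeps it behind a base pointer. This is the
   line the analyzer warns about (sizeof operand is struct b, result is
   assigned to struct a *), although the layout makes it correct. */
static struct a *new_b(const char *text)
{
    struct a *var = malloc(sizeof (struct b));
    if (var == NULL)
        return NULL;
    struct b *obj = (struct b *)var;          /* same address as var */
    obj->base.kind = KIND_B;
    obj->base.size = sizeof *obj;
    strncpy(obj->payload, text, sizeof obj->payload - 1);
    obj->payload[sizeof obj->payload - 1] = '\0';
    return var;
}

/* A plain base object: only sizeof (struct a) bytes exist behind it. */
static struct a *new_a(void)
{
    struct a *var = malloc(sizeof *var);
    if (var == NULL)
        return NULL;
    var->kind = KIND_A;
    var->size = sizeof *var;
    return var;
}

/* Downcast with a tag check. Without it, casting a struct a allocated with
   sizeof (struct a) to struct b * and touching payload would read and write
   past the end of the allocation, which is the bug the checker exists for. */
static struct b *as_b(struct a *p)
{
    if (p == NULL || p->kind != KIND_B || p->size < sizeof (struct b))
        return NULL;
    return (struct b *)p;
}

/* The two layout facts the whole pattern depends on. */
static int layout_ok(void)
{
    return offsetof(struct b, base) == 0 &&
           sizeof (struct b) >= sizeof (struct a);
}

/* Works on any object through its base pointer; 0 when it is not a struct b. */
static size_t payload_len(struct a *p)
{
    struct b *obj = as_b(p);
    return obj != NULL ? strlen(obj->payload) : 0;
}

int main(void)
{
    struct a *sub = new_b("hello");
    struct a *base = new_a();
    int ok = layout_ok() && sub != NULL && base != NULL &&
             payload_len(sub) == 5 && as_b(base) == NULL;
    free(sub);
    free(base);
    return ok ? 0 : 1;
}
```

Running this file under <code>clang --analyze</code> reproduces the warning on the <code>malloc</code> line in <code>new_b</code> even though <code>layout_ok()</code> holds, which is the report's point: the check should accept a cast to the type that sits at offset zero of the <code>sizeof</code> operand, while still flagging the reverse direction, a <code>sizeof (struct a)</code> allocation used as a <code>struct b *</code>.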
    </body>
</html>